EUVD-2006-0268

Malware in sbrugna...

EUVD-2006-0277

Malware in sbrugna...

Siemens LOGO! TDE service "DELETEPROG" Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in a denial of service. An attacker can send an...

Siemens LOGO! TDE service "NFSAccess" Upload File Write Vulnerability

Summary An exploitable file write vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can upload or overwrite file content to the local SD card. An attacker can send a sequence of maliciou...

Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker...

Encryption: Pros and Cons

The expression “when you are a hammer, everything is a nail” has a curious background. The concept belongs to a generalized law of the instrument which is a cognitive bias that occurs by being overly familiar with certain tools, and the likelihood of force-fitting problems to the tools at hand. A...

Oracle Database Multiple Vulnerabilities (January 2006 CPU)

The remote Oracle database server is missing the January 2006 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net...

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 DB07 in the Dictionary component and 2 DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed...

CVE-2006-0261

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 DB07 in the Dictionary component and 2 DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed...

CVE-2006-0270

The CVE-2006-0270 entry concerns Oracle Database Server 10.2.0.1 where the Transparent Data Encryption (TDE) Wallet master encryption key is stored in plaintext in the SGA. This plaintext storage could allow a local attacker with SGA access to retrieve the key and decrypt sensitive data. The issu...

CVE-2006-0270

Unspecified vulnerability in the Transparent Data Encryption TDE Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without...

[Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext

Hello FD-Reader Event 10053 logs the TDE masterkey in cleartext into the trace file. Oracle fixed this problem with CPU January 2006. http://www.red-database-security.com/advisory/oracletdewalletpassword .html Name Event 10053 logs TDE wallet password in cleartext Systems Oracle Database 10g...